#!/bin/bash
#############
# Date: 2022/6/8
# Mail: it-arch
#############
# Print the start-up banner, then block until the operator presses one key
# (Ctrl+C aborts before any change is made to the host).
# NOTE(review): the banner announces a zabbix install, but the steps visible
# in this script install and configure OpenLDAP -- confirm which is intended.
printf '%s\n' \
  "##########################################" \
  "Auto Install zabbix.                    ##" \
  "Press Ctrl + C to cancel                ##" \
  "Any key to continue                     ##" \
  "##########################################"
read -n 1
# If the iptables service is active, insert ACCEPT rules for TCP 80 and 3306
# at the top of the INPUT chain; otherwise just report that it is stopped.
#
# NOTE(review): nothing visible in this script listens on 80 or 3306, and the
# rules carry no source restriction (-s), so 3306 is accepted from any address
# that can reach the host. Confirm these ports are needed; if they are, limit
# them to the management network.
# NOTE(review): iptables-save only prints the ruleset, and its output is sent
# to /dev/null here, so the inserted rules are not written anywhere and will
# not survive a restart of the iptables service.
if /etc/init.d/iptables status >/dev/null 2>&1; then
  if iptables -I INPUT -p tcp --dport 80 -j ACCEPT; then
    if iptables -I INPUT -p tcp --dport 3306 -j ACCEPT; then
      iptables-save >/dev/null 2>&1
    fi
  fi
else
  echo -e "\033[32m iptables is stopd\033[0m"
fi
# --- SELinux ---------------------------------------------------------------
# Rewrites SELINUX=enforcing to SELINUX=disabled in the persistent config and
# switches the running system to permissive mode.
# NOTE(review): this removes SELinux confinement for the whole host, not only
# for slapd, and the change is permanent. If the goal is only to let slapd
# start, prefer keeping SELinux enforcing and fixing file labels instead.
selinux_cfg=/etc/selinux/config
sed -i "s/SELINUX=enforcing/SELINUX=disabled/" "$selinux_cfg"
setenforce 0

# --- Package repositories and packages -------------------------------------
# NOTE(review): the EPEL release package is fetched over plain HTTP and
# installed directly. Presumably no EPEL signing key is imported at this
# point, so the package cannot be verified -- confirm, and prefer an HTTPS
# source or a pinned checksum.
epel_release_rpm=http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh "$epel_release_rpm"

# Install the base build environment; later steps depend on it.
base_pkgs=(vim automake autoconf gcc xz ncurses-devel
  patch python-devel git python-pip gcc-c++)
yum install -y "${base_pkgs[@]}"

# OpenLDAP server, client tools and development headers.
ldap_pkgs=(openldap openldap-servers openldap-clients openldap-devel)
yum install -y "${ldap_pkgs[@]}"

# Seed the server config and the BDB tuning file from the packaged templates.
ldap_templates=/usr/share/openldap-servers
cp "$ldap_templates/slapd.conf.obsolete" /etc/openldap/slapd.conf
cp "$ldap_templates/DB_CONFIG.example" /var/lib/ldap/DB_CONFIG
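# Ask for the directory suffix component (DC) and the rootdn password, then
# generate /etc/openldap/slapd.conf from them.
#
# Changes from the earlier version of this step:
#   * DC is validated before it is expanded inside quoted DN strings, so a
#     quote, comma or '=' typed at the prompt cannot alter the generated config.
#   * The password is read without echo and with -r (no backslash mangling).
#   * rootpw is stored as a slappasswd hash instead of cleartext.
#   * slapd.conf is restricted to root and the ldap group.
read -r -p "Please input your dc:" DC
dc_pattern='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'
if [[ ! "$DC" =~ $dc_pattern ]]; then
  echo "Invalid dc: only letters, digits and '-' are allowed" >&2
  exit 1
fi

read -r -s -p "Please input your dc password:" PASSWD_dc
echo    # the silent read leaves the cursor on the prompt line
if [ -z "$PASSWD_dc" ]; then
  echo "The dc password must not be empty" >&2
  exit 1
fi

# Hash the password via a private temp file so it never appears in a process
# argument list. printf is a shell builtin, and '%s' writes no trailing
# newline (slappasswd -T hashes the file contents as they are).
pw_file=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
printf '%s' "$PASSWD_dc" > "$pw_file"
ROOTPW_HASH=$(slappasswd -T "$pw_file")
hash_rc=$?
rm -f -- "$pw_file"
if [ "$hash_rc" -ne 0 ] || [ -z "$ROOTPW_HASH" ]; then
  echo "slappasswd failed; refusing to write a cleartext rootpw" >&2
  exit 1
fi

# NOTE(review): 'allow bind_v2' permits legacy LDAPv2 binds; drop it unless a
# client still needs it.
# NOTE(review): the monitor database ACL still names the template default
# cn=Manager,dc=my-domain,dc=com rather than the rootdn configured below --
# confirm which identity should be able to read cn=monitor.
# NOTE(review): the suffix is always dc=<DC>,dc=com; the top-level component
# is not configurable here.
cat > /etc/openldap/slapd.conf << EOF
include		/etc/openldap/schema/corba.schema
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/duaconf.schema
include		/etc/openldap/schema/dyngroup.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/java.schema
include		/etc/openldap/schema/misc.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/openldap.schema
include		/etc/openldap/schema/ppolicy.schema
include		/etc/openldap/schema/collective.schema
allow bind_v2
pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAP Server\""
TLSCertificateKeyFile /etc/openldap/certs/password
database config
access to *
	by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
	by * none
database monitor
loglevel	1
access to *
	by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="cn=Manager,dc=my-domain,dc=com" read
        by * none
database	bdb
suffix		"dc=$DC,dc=com"
checkpoint	1024 15
rootdn		"cn=admin,dc=$DC,dc=com"
rootpw		$ROOTPW_HASH
directory	/var/lib/ldap
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
EOF

# The file holds the rootdn credential hash; keep it away from other users.
if ! { chown root:ldap /etc/openldap/slapd.conf &&
       chmod 640 /etc/openldap/slapd.conf; }; then
  echo "WARNING: could not restrict permissions on /etc/openldap/slapd.conf" >&2
fi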
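# Route slapd's syslog facility (local4) to its own log file. The line is
# appended only when it is not already present, so re-running the installer
# does not stack duplicate rules in /etc/rsyslog.conf.
if ! grep -qF -- 'local4.*          /var/log/ldap.log' /etc/rsyslog.conf 2>/dev/null; then
  echo "local4.*          /var/log/ldap.log">>/etc/rsyslog.conf
fi
service rsyslog restart

# Start slapd once before regenerating its config directory.
# NOTE(review): presumably the first start creates the database files that
# slaptest expects below -- confirm; the original ordering is kept as-is.
service slapd start

# Replace the packaged cn=config tree with one converted from slapd.conf.
rm -rf /etc/openldap/slapd.d/*
if ! slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d; then
  # Only warn: the script previously ignored this status and carried on, and
  # the conversion may still have been written. Review the slaptest output
  # above before relying on the generated configuration.
  echo "WARNING: slaptest reported errors for /etc/openldap/slapd.conf" >&2
fi
# slaptest ran as root; slapd needs to own the generated tree.
chown -R ldap:ldap /etc/openldap/slapd.d/
service slapd restart

# Show the sockets slapd is listening on as a final sanity check.
netstat -tulnp | grep slapd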

